DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Google pays $250K for Linux vulnerability allowing guest VM escapes

Quality: 9/10 Relevance: 9/10

Summary

Ars Technica reports on two high-severity Linux vulnerabilities disclosed this week: Januscape, a use-after-free flaw in KVM that could allow a guest VM to escape to the host, and GhostLock, a long-standing use-after-free in the futex priority-inheritance mechanism that can enable root access. Google paid $250,000 for reporting Januscape, and patches have been issued for both flaws. The article emphasizes the need to apply kernel and distribution updates to mitigate risk across affected systems.

🚀 Service construit par Johan Denoyer